On Oct 5, 2011, at 11:34 AM, Scott Roebuck wrote:
> 10.7 (Lion) will, by default, no longer allow anyone except the current
> console user to dismiss an active password-protected screen saver. In
> previous versions of Mac OS X, it was possible to enter the name of any local
> administrator account credentials and bypass the screen saver, regardless of
> who was currently logged into the console.
>
> In this environment, computers are required to be locked, so IT maintains a
> local master admin account on all computers so that an IT staff member could
> do maintenance/troubleshooting at an end user's Mac locked with a screen
> saver. The end user is not required to be present to physically unlock the
> screen saver.
>
> I believe this problem exists if you ARD in to the computer as well.
>
> In 10.6 you would be required to edit the /etc/pam.d/screensaver file in
> order for this to work, but that does not work in 10.7. Part of the problem in
> 10.7 is that with a locked screensaver only the credentials of the current
> console user are presented and it doesn't appear that there is any way to
> switch to another admin user.
>
> Does anyone know if this behavior can be changed? Am I just missing something
> really simple?

I was not aware that you could ever do this in /etc/pam.d/screensaver.
I thought that the place to do this was always /etc/authorization, specifically
in the system.login.screensaver section. If the entry there indicates you
should be able to do this, and you can't, then it is a bug and you should
report it as such.
--
Karl Kuehn
[email protected]
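
Added example (not part of either message above): a read-only check of which rule the system.login.screensaver right in /etc/authorization points at, and who that rule admits. The plist excerpt is constructed; its layout and the two rule names are assumptions based on Mac OS X's stock policy file, not values taken from this thread.

```python
import plistlib

# Constructed excerpt in the layout of /etc/authorization (a plist with
# "rights" and "rules" dicts). Rule names are assumptions, not from the thread.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>rights</key><dict>
  <key>system.login.screensaver</key><dict>
    <key>class</key><string>rule</string>
    <key>rule</key><string>%s</string>
  </dict>
</dict>
<key>rules</key><dict>
  <key>authenticate-session-owner</key><dict>
    <key>class</key><string>user</string>
    <key>session-owner</key><true/>
  </dict>
  <key>authenticate-session-owner-or-admin</key><dict>
    <key>class</key><string>user</string>
    <key>group</key><string>admin</string>
    <key>session-owner</key><true/>
  </dict>
</dict>
</dict></plist>"""

def screensaver_unlock_policy(plist_bytes, right="system.login.screensaver"):
    """Report who the authorization policy lets dismiss a locked screen saver."""
    db = plistlib.loads(plist_bytes)
    entry = db.get("rights", {}).get(right)
    if entry is None:
        raise KeyError(f"{right} not present in policy")
    names = entry.get("rule", [])
    if isinstance(names, str):          # the value may be a string or an array
        names = [names]
    policy = {"rules": names, "session_owner": False, "groups": [], "unresolved": []}
    for name in names:
        rule = db.get("rules", {}).get(name)
        if rule is None:                # dangling reference: flag it, do not guess
            policy["unresolved"].append(name)
            continue
        policy["session_owner"] |= bool(rule.get("session-owner"))
        if rule.get("group"):           # members of this group may also unlock
            policy["groups"].append(rule["group"])
    return policy

if __name__ == "__main__":
    for rule in (b"authenticate-session-owner", b"authenticate-session-owner-or-admin"):
        print(rule.decode(), "->", screensaver_unlock_policy(SAMPLE % rule))
```

An empty "groups" list in the result means only the console user can unlock, which is the behaviour described for 10.7 in the quoted message.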